----- Forwarded message from "Katherine M. Moussouris" <[EMAIL PROTECTED]> -----

> From: "Katherine M. Moussouris" <[EMAIL PROTECTED]>
> Date: Tue, 30 May 2000 14:46:08 -0700
> To: [EMAIL PROTECTED]
> Subject: [TL-Security-Announce] xlockmore TLSA2000012-1.txt
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ______________________________________________________________________________
>
> TurboLinux Security Announcement
>
>
> Package: xlockmore-4.16 and earlier
> Date: Mon May 29 20:29:06 PDT 2000
>
> Affected TurboLinux versions: 6.0.4 and earlier; 6.0.5 NOT affected
> Vulnerability Type: local users can view shadowed password file
> TurboLinux Advisory ID#: TLSA2000012-1
>
> Credits: This vulnerability was discovered by COVERT labs at
> Network Associates, Inc., published to BUGTRAQ Mon, 29 May 2000.
>
> ______________________________________________________________________________
>
> A security hole was discovered in the package mentioned above.
> Please update the package in your installation as soon as possible or
> disable the service.
> ______________________________________________________________________________
>
> 1. Problem Summary
>
> From the COVERT labs NAI advisory:
>
> "The xlock program locks an X server until a valid password is entered.
> The command line option -mode provides a user with a mechanism to
> change the default display shown when the X server is locked. xlock
> is installed with privileges to obtain password information, although
> these are dropped as early as possible. An overflow in the -mode
> command line option allows a malicious attacker to reveal arbitrary
> portions of xlock's address space including the shadow password file."
>
> 2. Impact
>
> A local user can use the overflow to read the shadowed password file.
>
> 3. Solution
>
> Update the package from our ftp server by running the following command:
>
> rpm -Fvh ftp_path_to_filename
>
> Where ftp_path_to_filename is the following:
>
> ftp://ftp.turbolinux.com/pub/updates/6.0/security/xlockmore-4.16.1-1.i386.rpm
>
> The source RPM can be downloaded here:
>
> ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/xlockmore-4.16.1-1.src.rpm
>
> **Note: You must rebuild and install the RPM if you choose to download
> and install the SRPM. Simply installing the SRPM alone WILL NOT CLOSE
> THE SECURITY HOLE.
>
> Please verify the MD5 checksum of the update before you install:
>
> MD5 sum                           Package Name
> - ------------------------------------------------------------
> 4987a64d63c0e803e61df11c106d33a3  xlockmore-4.16.1-1.i386.rpm
>
> fc29032bbef8b9d111b9cadd43954ecc  xlockmore-4.16.1-1.src.rpm
> ______________________________________________________________________________
>
> These packages are GPG signed by Turbolinux for security. Our key
> is available here:
>
> http://www.turbolinux.com/security/tlgpgkey.asc
>
> To verify a package, use the following command:
>
> rpm --checksig name_of_rpm
>
> To examine only the md5sum, use the following command:
>
> rpm --checksig --nogpg name_of_rpm
>
> **Note: Checking GPG keys requires RPM 3.0 or higher.
>
> ______________________________________________________________________________
> You can find more updates on our ftp server:
>
> ftp://ftp.turbolinux.com/pub/updates/6.0/security/ for TL6.0 Workstation
> and Server security updates
> ftp://ftp.turbolinux.com/pub/updates/4.0/security/ for TL4.0 Workstation
> and Server security updates
>
> Our webpage for security announcements:
>
> http://www.turbolinux.com/security
>
> If you want to report vulnerabilities, please contact:
>
> [EMAIL PROTECTED]
> ______________________________________________________________________________
>
> Subscribe to the TurboLinux Security Mailing lists:
>
> TL-security - A moderated list for discussing security issues in TurboLinux
> products.
> Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security
>
> TL-security-announce - An announce-only mailing list for security updates
> and alerts.
> Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security-announce
> ______________________________________________________________________________
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.1 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE5NDY+7eR7bnHQKeQRAi6+AJ4l8YyoByuXICQUoEZx/bij1HoBXACdHRtB
> 0rh96Bbbd5v8bFPqxdXvIM4=
> =Cfkp
> -----END PGP SIGNATURE-----
>
>
>
> _______________________________________________
> TL-Security-Announce mailing list
> [EMAIL PROTECTED]
> http://www.turbolinux.com/mailman/listinfo/tl-security-announce
>

----- End forwarded message -----

Ronny

--------------------------------------------------------------------------
To unsubscribe, send an email to [EMAIL PROTECTED]
Archive information at http://www.linux.or.id/milis.php3
The list administrator can be reached at [EMAIL PROTECTED]
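The forwarded advisory describes a bug class worth seeing in code: a program obtains privileged data (here, a line from the shadow file) before dropping privileges, keeps it resident in its address space, and then mishandles a user-controlled command-line option so that an out-of-bounds read runs into that data. The block below is an added illustration of that class and is not xlockmore's code, nor does it reproduce the actual xlock -mode bug, whose mechanics are not given on this page. The struct layout, the `CONSTRUCTED_SHADOW_LINE` value, and the function names `vulnerable_report` / `hardened_report` are assumptions made for the demonstration. The vulnerable form uses the classic `strncpy()` truncation mistake (no NUL terminator when the argument fills the buffer) so that a later `%s` reads straight on into the adjacent privileged buffer; the hardened form bounds the copy, always terminates, and wipes the privileged data before any user-controlled text is formatted.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a privileged screen locker's state (not xlockmore's):
 * the copy of the user-supplied option sits directly before data that was
 * read while the program still held its privileges. */
struct locker_state {
    char mode[16];         /* copy of the user-supplied -mode argument */
    char shadow_line[64];  /* data obtained while still privileged */
};

/* Constructed stand-in for a line read from /etc/shadow (not a real hash). */
static const char CONSTRUCTED_SHADOW_LINE[] =
    "root:$1$constructed$notarealhash:11111:0:99999:7:::";

/* Overwrite a buffer through a volatile pointer so the compiler does not
 * drop the store as a dead write. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

/* Vulnerable form: strncpy() leaves mode[] with no NUL terminator when the
 * argument is 16 bytes or longer, so "%s" keeps reading past mode[] into
 * shadow_line[] and the privileged data ends up in the error message.
 * Returns the length snprintf() would have written. */
int vulnerable_report(const char *arg, char *out, size_t outlen)
{
    struct locker_state st;
    memset(&st, 0, sizeof st);
    memcpy(st.shadow_line, CONSTRUCTED_SHADOW_LINE, sizeof CONSTRUCTED_SHADOW_LINE);
    strncpy(st.mode, arg, sizeof st.mode);   /* BUG: terminator not guaranteed */
    return snprintf(out, outlen, "unknown mode: %s", st.mode);
}

/* Hardened form: wipe the privileged data as soon as it has been used,
 * reject over-long arguments before copying, and copy the terminator.
 * Returns 0 on success, -1 if the argument was rejected. */
int hardened_report(const char *arg, char *out, size_t outlen)
{
    struct locker_state st;
    size_t n = strlen(arg);
    memset(&st, 0, sizeof st);
    memcpy(st.shadow_line, CONSTRUCTED_SHADOW_LINE, sizeof CONSTRUCTED_SHADOW_LINE);
    /* ... the password check would consume shadow_line here, then: */
    secure_wipe(st.shadow_line, sizeof st.shadow_line);
    if (n >= sizeof st.mode) {
        snprintf(out, outlen, "mode name too long (max %zu bytes)",
                 sizeof st.mode - 1);
        return -1;
    }
    memcpy(st.mode, arg, n + 1);             /* n + 1 copies the NUL as well */
    snprintf(out, outlen, "unknown mode: %s", st.mode);
    return 0;
}

int main(void)
{
    char msg[256];
    const char *overlong = "AAAAAAAAAAAAAAAAAAAA";   /* 20 bytes, constructed */
    vulnerable_report(overlong, msg, sizeof msg);
    printf("vulnerable: %s\n", msg);   /* message runs on into the shadow line */
    hardened_report(overlong, msg, sizeof msg);
    printf("hardened:   %s\n", msg);   /* argument rejected, nothing leaked */
    return 0;
}
```

Compile with `cc -Wall -o locker locker.c` and run it; the vulnerable message carries the constructed shadow line after the run of `A`s. The advisory's own wording points at the second half of the fix: privileges were "dropped as early as possible", yet the data obtained with them stayed in the address space, which is what turned a read overrun into a shadow-file disclosure. Bounding the copy removes this particular read; wiping or never retaining the privileged data limits what any remaining memory-safety bug can reveal.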
